Operating System Software Security
Added on 2023/03/30
AI Summary
This report details a defense in depth approach for securing data on both Windows and Linux operating systems. It includes all standards and processes required to secure the various operating systems that run various Enterprise Resource Planning software needed by NetSuite ERP organization.
Running head: OPERATING SYSTEM SOFTWARE SECURITY 1
Operating System Software Security
Name of the Student:
Name of the University:
Author Note:
Abstract
This report details a defense in depth approach for securing data on both Windows and
Linux operating systems. It includes all standards and processes required to secure the
various operating systems that run the Enterprise Resource Planning software needed by
the NetSuite ERP organization. The organization focuses on identifying vulnerabilities by
using hacking techniques, and it evaluates its security measures through a process that
includes at least one security control for each layer of defense. The ERP software runs on
both Windows and Linux operating systems, hence the security of the applications running
inside the computer system has a direct impact on the overall security of the organization.
Lack of security and improper control of ERP software may lead to attacks on the system
software.
Operating System Software Security
The Enterprise System provides a complete SCM (Supply Chain Management)
solution with manufacturing, financial, distribution, planning, reporting and inventory
management capabilities (Varma & Khan, 2014). NetSuite can handle this process more
effectively by integrating it into various software platforms for processing various
services. The ERP software standardizes, integrates and streamlines business processes
across various sectors, including financial management and planning, production
management, order management, supply chain management, warehouse fulfilment and
procurement. In this report we discuss the defense in depth approach for securing several
Enterprise Resource Planning software packages in the organization (Boyson, 2014). We
then analyse one security control for each layer of defense. Lastly, we discuss the possible
vulnerabilities identified by the organization and the solution provided by the first line of
defense for both operating systems.
Discussion
Role of Operating System (OS) software
An OS (Operating System) provides an interface between the computer hardware and the
computer user so that the user can execute and control the programs associated with it.
It performs basic tasks such as memory management, file management, process
management, input-output handling, and controlling peripheral devices such as printers
and disk drives. Most modern computer systems use a single piece of computing hardware
that executes multiple applications simultaneously. The applications running within a
time-sharing and multi-tasking environment concurrently use the same system resources,
such as memory, CPU, I/O devices and disk drives, which are controlled by the
operating system (Silberschatz, Gagne & Galvin, 2018). To protect applications from
attack, most operating systems have their own abstractions such as the TCB, processes,
files, ports, virtual memory space and IPC. An OS performs the following major activities
to ensure the security of the system software: it authenticates individual users by having
them enter their unique password; it protects against invalid access to external
input-output devices; and it controls access to the various system resources.
Defense in depth approach for securing data
The defense in depth approach is a layered defensive architecture for cyber security
that helps to protect crucial information and data (Göztepe, Kılıc & Kayaalp, 2014). It is
a mechanism in which, if one layer fails, the next layer is immediately active to prevent
an attack. This multi-layered approach increases the security of the overall system and
identifies various attack vectors. In general, the Defense in Depth (DID) approach, also
known as the “castle approach”, is an information assurance (IA) concept in which
multiple layers of security controls are placed throughout an information technology
system (Ahmad, Maynard & Park, 2014). Whenever a security issue arises or a security
control fails, it provides procedural, personnel, physical and technical security for the
computer system. The defense mechanism can be broken down into three areas:
Technical, Physical and Administrative.
The purpose of technical controls is to protect the computer system and system
resources. Examples include fingerprint readers, Windows Active Directory and disk
encryption. Technical controls protect the contents of the system.
A physical control is anything that prevents or physically limits access to the
information technology. Examples include guards, fences and CCTV systems.
Physical controls protect the physical systems.
Administrative controls follow the organization's procedures and policies. The purpose
of administrative controls is to give proper guidance so that rules, regulations and
security are met. Examples include procedures, hiring practices, security requirements
and data handling.
Security control for each layer of defense
The following layers comprise defense in depth: antivirus software, biometrics,
data-centric security, encryption, firewalls, multi-factor authentication, vulnerability
scanners, internet security, sandboxing and so on.
In a computer system, a firewall is designed to protect against unauthorized access to
the computer system. It can be implemented in software as well as hardware. A network
firewall is used to protect against unauthorized access to the internet by users
connected to the organization's private network (Razzaq et al., 2014). Software firewalls
protect the computer system from outside attempts to gain access to the computer.
Hardware firewalls are an important feature of the network set-up and system security.
Most hardware firewalls are connected to the system through the network ports. For
large networks, firewall solutions for business networking are available. Microsoft
Windows has a Windows Firewall which can block and detect worms, viruses and harmful
activity from various attackers.
Filtering Techniques of Firewall
Firewalls protect both corporate and home networks. A typical hardware device or
firewall program filters the information coming through the internet connection into a
network or a computer system (Knudsen et al., 2017). The various types of firewall
techniques that protect a system from harmful attacks are discussed below:
An application gateway applies a security technique to FTP servers and telnet servers.
A packet filter keeps track of each packet that comes into and goes out of the system or network. It is an effective tool and is transparent to users.
A proxy server looks at all messages coming into and going out of the network. It hides the network addresses.
A circuit-level gateway applies a security mechanism when a UDP or TCP connection is established. Once the connection has been established, packets are sent to the host without further checking (Pandey & Saini, 2014).
A firewall can be considered the first line of defense for protecting and securing private
information.
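The difference between the packet filter and the circuit-level gateway described above can be seen in a short model. This is an added example, not part of the original report: the class names, rule set, addresses and the "opening" flag are all assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    proto: str             # "tcp" or "udp"
    opening: bool = False  # True only for the packet that sets up a connection
    sport: int = 40000

@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src_net: str
    dst_net: str
    proto: str
    dport: int

def packet_filter(rules, pkt):
    """Packet filter: every packet is checked; first match wins, default deny."""
    for r in rules:
        if (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(r.src_net)
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(r.dst_net)
                and r.proto == pkt.proto and r.dport == pkt.dport):
            return r.action
    return "deny"

class CircuitGateway:
    """Circuit-level gateway: rules are consulted once, at connection set-up."""
    def __init__(self, rules):
        self.rules = rules
        self.circuits = set()

    def handle(self, pkt):
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto)
        if key in self.circuits:
            return "allow"   # established circuit: relayed without checking
        if pkt.opening and packet_filter(self.rules, pkt) == "allow":
            self.circuits.add(key)
            return "allow"
        return "deny"        # no circuit and not a permitted set-up packet

# Constructed sample policy (private and documentation address ranges).
RULES = [
    Rule("deny", "10.0.0.66/32", "0.0.0.0/0", "tcp", 443),      # blocked host
    Rule("allow", "10.0.0.0/24", "192.0.2.10/32", "tcp", 443),  # hypothetical ERP server
]

if __name__ == "__main__":
    gw = CircuitGateway(RULES)
    setup = Packet("10.0.0.5", "192.0.2.10", 443, "tcp", opening=True)
    data = Packet("10.0.0.5", "192.0.2.10", 443, "tcp")
    print(gw.handle(data), gw.handle(setup), gw.handle(data))
    gw.rules = []            # policy tightened while the circuit is still open
    print(packet_filter(gw.rules, data), gw.handle(data))
```

The last two calls show the practical consequence: after the rules are tightened, the packet filter drops the next packet, while the gateway keeps relaying on the already established circuit until that circuit is torn down.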
Conclusion
This report helped to point out the possible vulnerabilities in the security of the
operating systems that run several Enterprise Resource Planning software packages in the
NetSuite organization. There are different approaches for developing a security control
for each layer of defense. The shortcomings in ERP software and the vulnerabilities in
operating system software identified by the organization can be improved. The solution
provided by the firewall is one of the crucial layers in the defense mechanism for both the
Windows and Linux operating systems. The firewall security control is very useful for the
operating system software in detecting worms, viruses and harmful activity from attackers.
References
Ahmad, A., Maynard, S. B., & Park, S. (2014). Information security strategies: towards an
organizational multi-strategy perspective. Journal of Intelligent Manufacturing, 25(2),
357-370.
Boyson, S. (2014). Cyber supply chain risk management: Revolutionizing the strategic
control of critical IT systems. Technovation, 34(7), 342-353.
Göztepe, K., Kılıc, R., & Kayaalp, A. (2014). Cyber Defense In Depth: Designing Cyber
Security Agency Organization For Turkey. Journal of Naval Science and
Engineering, 10(1), 1-24.
Knudsen, A. H., Pedersen, J. M., Sørensen, M. A. M., & Villumsen, T. D. (2017). Security in
the Industrial Internet of Things. Cybersecurity and Privacy: Bridging the Gap. River
Publishers, 119-134.
Pandey, A., & Saini, J. R. (2014). Attacks & defense mechanisms for TCP/IP based
protocols. International Journal of Engineering Innovations and Research, 3(1), 17.
Razzaq, A., Latif, K., Ahmad, H. F., Hur, A., Anwar, Z., & Bloodsworth, P. C. (2014).
Semantic security against web application attacks. Information Sciences, 254, 19-38.
Silberschatz, A., Gagne, G., & Galvin, P. B. (2018). Operating system concepts. Wiley.
Varma, T. N., & Khan, D. A. (2014). Information technology in supply chain management.
Journal of Supply Chain Management Systems, 3(3).